Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data. Bangkok Airways' announcement about the matter came last Thursday, a day after LockBit posted a message on its dark web portal threatening the airline to pay a ransom or …
I worry about this. So I back up my data every week and scp it to a remote disk.
If I am ever hit with this I will only lose one week's data, which while painful isn't too bad. I never miss a backup, because my data is important to me. Also, for my bank account login details I never save them on my laptop, so if they do get my data they still won't be able to log in to my accounts.
Finally, I lock my other logins with a master password on Firefox. I'm not sure how safe that is but at least it is one more hurdle for them to overcome.
And hackers look for precisely this behavior. A backup is worthless if it is not "tested". It is only if you can recreate the information you backed up can you trust that the hacker hasn't tampered with something in your backup process.
It could something simple, like modifying your scp to encrypt using a public key before storing the file on the other side. Or it could be just storing 0's.
That is something simple. Hackers are a lot more creative.
Merseyrail has a pretty decent track record for running trains on time, at least compare to other train operators. On the most recently published stats, they came 3rd after C2C and TfL Rail.
Generally, train operators that are managed by local or regional government, such as Merseyrail, do better than those managed by central government.
The airline was given five days to sort payment, but instead of coughing up it disclosed the breach. LockBit responded by publishing the lot. Competing claims about the resulting data dump rate it at 103GB and over 200GB.
I'm pretty sure it wasn't the lot or the victim would refuse to pay and just get back all their stolen data from the whichever shady corner of internet its ended up at (hoping it wasn't tampered with).
It's possible the ransom wasn't to get the data back, but to prevent it from being published. Regardless, refusing to pay the ransom and publicly declaring details about the incident were the Right Thing to do.
If only there was a way to slip something destructive into a cryptocurrency payment. "Here's an installment on the payment... oh, looks like your systems just leaked their location. And your Bitcoin account password..."
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
